[Fedora-directory-users] migrating from fc6/fds 1.0.4 to fc8/fds 1.1.0
by Karl J South
Hi,
I'm trying to migrate from fc6/fds 1.0.4 to fc8/fds 1.1.0, the
platform is the same, without any success. I have my old server nfs
mounted on /opt/fedora-ds and when I run migrate-ds-admin.pl
General.ConfigDirectoryAdminPwd=xxxxx I get the following error:
Beginning migration of Directory and Administration servers from
/opt/fedora-ds . . .
Beginning migration of directory server instances in /opt/fedora-ds . . .
Your new DS instance 'slapd-ldap' was successfully created.
Server failed to start !!! Please check errors log for problems
Could not start the directory server using command
'/usr/lib/dirsrv/slapd-ldap/start-slapd'. The last line from the
error log was '[01/Dec/2007:18:06:24 +0100] - Error: database plugin
ldbm database is not started
'. Error: Unknown error 256
Exiting . . .
Log file is '/tmp/migrateOs5cM2.log'
The log file contains:
[07/12/01:18:06:10] - [Migration] Info Beginning migration of
Directory and Administration servers from /opt/fedora-ds . . .
[07/12/01:18:06:10] - [Migration] Info Beginning migration of
directory server instances in /opt/fedora-ds . . .
[07/12/01:18:06:12] - [Migration] Info Your new DS instance
'slapd-ldap' was successfully created.
[07/12/01:18:06:22] - [Migration] Info Copying
/opt/fedora-ds/alias/slapd-ldap-cert8.db to
/etc/dirsrv/slapd-ldap/cert8.db
[07/12/01:18:06:22] - [Migration] Info Copying
/opt/fedora-ds/alias/slapd-ldap-key3.db to
/etc/dirsrv/slapd-ldap/key3.db
[07/12/01:18:06:22] - [Migration] Info Copying
/opt/fedora-ds/alias/secmod.db to /etc/dirsrv/slapd-ldap/secmod.db
[07/12/01:18:06:22] - [Migration] Info No
/opt/fedora-ds/alias/slapd-ldap-pin.txt to migrate
[07/12/01:18:06:22] - [Migration] Info Copying
/opt/fedora-ds/shared/config/certmap.conf to
/etc/dirsrv/slapd-ldap/certmap.conf
[07/12/01:18:16:22] - [Migration] Info Could not start the directory
server using command '/usr/lib/dirsrv/slapd-ldap/start-slapd'. The
last line from the error log was '[01/Dec/2007:18:06:24 +0100] -
Error: database plugin ldbm database is not started
'. Error: Unknown error 256
[07/12/01:18:16:23] - [Migration] Fatal Exiting . . .
Log file is '/tmp/migrateOs5cM2.log'
The log file /var/log/dirsrv/slapd-ldap/errors contains the following:
Fedora-Directory/1.1.0b2 B2007.311.1544
ldap.homenet.js:389 (/etc/dirsrv/slapd-ldap)
[01/Dec/2007:18:06:11 +0100] - dblayer_instance_start: pagesize: 4096,
pages: 193714, procpages: 7159
[01/Dec/2007:18:06:11 +0100] - cache autosizing: import cache: 204800k
[01/Dec/2007:18:06:11 +0100] - li_import_cache_autosize: 50,
import_pages: 51200, pagesize: 4096
[01/Dec/2007:18:06:11 +0100] - WARNING: Import is running with
nsslapd-db-private-import-mem on; No other process is allowed to
access the database
[01/Dec/2007:18:06:11 +0100] - dblayer_instance_start: pagesize: 4096,
pages: 193714, procpages: 7159
[01/Dec/2007:18:06:11 +0100] - cache autosizing: import cache: 204800k
[01/Dec/2007:18:06:11 +0100] - li_import_cache_autosize: 50,
import_pages: 51200, pagesize: 4096
[01/Dec/2007:18:06:11 +0100] - import userRoot: Beginning import job...
[01/Dec/2007:18:06:11 +0100] - import userRoot: Index buffering
enabled with bucket size 100
[01/Dec/2007:18:06:11 +0100] - import userRoot: Processing file
"/tmp/ldifni9Q3N.ldif"
[01/Dec/2007:18:06:11 +0100] - import userRoot: Finished scanning file
"/tmp/ldifni9Q3N.ldif" (1 entries)
[01/Dec/2007:18:06:12 +0100] - import userRoot: Workers finished; cleaning up...
[01/Dec/2007:18:06:12 +0100] - import userRoot: Workers cleaned up.
[01/Dec/2007:18:06:12 +0100] - import userRoot: Cleaning up producer thread...
[01/Dec/2007:18:06:12 +0100] - import userRoot: Indexing complete.
Post-processing...
[01/Dec/2007:18:06:12 +0100] - Nothing to do to build ancestorid index
[01/Dec/2007:18:06:12 +0100] - import userRoot: Flushing caches...
[01/Dec/2007:18:06:12 +0100] - import userRoot: Closing files...
[01/Dec/2007:18:06:12 +0100] - All database threads now stopped
[01/Dec/2007:18:06:12 +0100] - import userRoot: Import complete.
Processed 1 entries in 1 seconds. (1.00 entries/sec)
[01/Dec/2007:18:06:22 +0100] - Fedora-Directory/1.1.0b2 B2007.311.1544
starting up
[01/Dec/2007:18:06:23 +0100] - Clean up db environment and start from archive.
[01/Dec/2007:18:06:23 +0100] - Deleting log file:
(/var/lib/dirsrv/slapd-ldap/db/log.0000000088)
[01/Dec/2007:18:06:24 +0100] - libdb: file userRoot/id2entry.db4 has
LSN 23/8836945, past end of log at 1/84
[01/Dec/2007:18:06:24 +0100] - libdb: Commonly caused by moving a
database from one database environment
[01/Dec/2007:18:06:24 +0100] - libdb: to another without clearing the
database LSNs, or by removing all of
[01/Dec/2007:18:06:24 +0100] - libdb: the log files from a database environment
[01/Dec/2007:18:06:24 +0100] - libdb:
/var/lib/dirsrv/slapd-ldap/db/userRoot/id2entry.db4: unexpected file
type or format
[01/Dec/2007:18:06:24 +0100] - dbp->open("userRoot/id2entry.db4")
failed: Invalid argument (22)
[01/Dec/2007:18:06:24 +0100] - dblayer_instance_start fail: Invalid
argument (22)
[01/Dec/2007:18:06:24 +0100] - libdb: file NetscapeRoot/id2entry.db4
has LSN 1/1013697, past end of log at 1/140
[01/Dec/2007:18:06:24 +0100] - libdb: Commonly caused by moving a
database from one database environment
[01/Dec/2007:18:06:24 +0100] - libdb: to another without clearing the
database LSNs, or by removing all of
[01/Dec/2007:18:06:24 +0100] - libdb: the log files from a database environment
[01/Dec/2007:18:06:24 +0100] - libdb:
/var/lib/dirsrv/slapd-ldap/db/NetscapeRoot/id2entry.db4: unexpected
file type or format
[01/Dec/2007:18:06:24 +0100] - dbp->open("NetscapeRoot/id2entry.db4")
failed: Invalid argument (22)
[01/Dec/2007:18:06:24 +0100] - dblayer_instance_start fail: Invalid
argument (22)
[01/Dec/2007:18:06:24 +0100] - start: Failed to start databases,
err=22 Invalid argument
[01/Dec/2007:18:06:24 +0100] - Failed to allocate 10485760 byte
dbcache. Please reduce nsslapd-cache-autosize and Restart the server.
[01/Dec/2007:18:06:24 +0100] - Failed to start database plugin ldbm database
[01/Dec/2007:18:06:24 +0100] - WARNING: ldbm instance userRoot already exists
[01/Dec/2007:18:06:24 +0100] - WARNING: ldbm instance NetscapeRoot
already exists
[01/Dec/2007:18:06:24 +0100] binder-based resource limits -
nsLookThroughLimit: parameter error (slapi_reslimit_register() already
registered)
[01/Dec/2007:18:06:24 +0100] - start: Resource limit registration failed
[01/Dec/2007:18:06:24 +0100] - Failed to start database plugin ldbm database
[01/Dec/2007:18:06:24 +0100] - Error: Failed to resolve plugin dependencies
[01/Dec/2007:18:06:24 +0100] - Error: object plugin Roles Plugin is not started
[01/Dec/2007:18:06:24 +0100] - Error: accesscontrol plugin ACL Plugin
is not started
[01/Dec/2007:18:06:24 +0100] - Error: preoperation plugin ACL
preoperation is not started
[01/Dec/2007:18:06:24 +0100] - Error: object plugin Legacy Replication
Plugin is not started
[01/Dec/2007:18:06:24 +0100] - Error: object plugin Multimaster
Replication Plugin is not started
[01/Dec/2007:18:06:24 +0100] - Error: object plugin Class of Service
is not started
[01/Dec/2007:18:06:24 +0100] - Error: object plugin Views is not started
[01/Dec/2007:18:06:24 +0100] - Error: preoperation plugin 7-bit check
is not started
[01/Dec/2007:18:06:24 +0100] - Error: preoperation plugin HTTP Client
is not started
[01/Dec/2007:18:06:24 +0100] - Error: database plugin ldbm database is
not started
Does anyone know how to solve this?
Thanks in advance,
/KJS
16 years, 4 months
[Fedora-directory-users] multi master replication over ssl
by Elisa Pellegrini
Hi!
To configure 2 suppliers to use multi master replication over SSL, I
configure both of them to use SSL. (I use the same CA that I import in
CAcert in Manage certificate for the 2 suppliers and I create a
certificate for both of them)
Then the guide says:
- Configure your consumer server to recognize your supplier server’s
certificate as the supplier DN. You do this only if you want to use SSL
client authentication rather than simple authentication.
To configure 2 suppliers to recognize their certificate, what is necessary
to do?
Thanks
16 years, 4 months
[Fedora-directory-users] error in multimaster replication
by Elisa Pellegrini
Hi!
I follow the guide to configure multimaster replication and I have this error:
consumer server unreachable or invalid credentials supplied.
The name of the database in server A and server B is different but the
suffix is the same.
Can the problem be this?
thanks
16 years, 4 months
[Fedora-directory-users] single master replication: error
by Elisa Pellegrini
Hi!
I try to configure single master replication. I have this error in the
supplier:
simple bind failed, ldap sdk error 91,netscape portable runtime error
-5961 (tcp connection reset by peer).
What is the problem?
I configure the consumer and the suppliers as it's explained in the
administration guide.
The replication agreement wizard asks me to use SSL (it is necessary to click
next, why?). Is it necessary to enable SSL in both the supplier and the consumer
server? (in the config-encryption tab?) or is it enabled through the wizard?
If I use simple auth., is it necessary to specify cn=replication
manager,cn=config (created in the consumer) in the bind DN?
Thanks!
16 years, 4 months
[Fedora-directory-users] userPassword, base64 and hashing
by Mike C
Hi,
I'm trying to figure out why:
plaintext password is: password
My ldif export of the database shows:
userPassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
Now, working backwards: http://www.fileformat.info/tool/hash.htm?text=password
SHA-1 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
Base64 of 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 is:
NWJhYTYxZTRjOWI5M2YzZjA2ODIyNTBiNmNmODMzMWI3ZWU2OGZkOA== (Via
http://makcoder.sourceforge.net/demo/base64.php)
NWJhYTYxZTRjOWI5M2YzZjA2ODIyNTBiNmNmODMzMWI3ZWU2OGZkOA== is not
W6ph5Mm5Pz8GgiULbPgzG37mj9g=, so I'm left wondering what is wrong.
Should I be using something other than base64? If I decode
W6ph5Mm5Pz8GgiULbPgzG37mj9g=, it doesn't even look at all like a SHA-1
value. Password encryption is set on the server to SHA (not SSHA).
I've searched the Fedora Directory Server docs and can't find any
explanation on how userPassword works in this regard (As an aside,
anyone noticed that Google doesn't seem to like indexing the docs very
much?).
What am I doing wrong? Also, if I used SSHA, where would I find the
salt from, assuming it's even possible?
Thanks,
Mike
16 years, 5 months
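Added example, not part of the original post or of Fedora Directory Server's code: a Python sketch of how a `{SHA}` value is built (base64 over the 20 raw digest bytes, not over the 40-character hex text the post encoded) and of the common `{SSHA}` layout, where the salt is appended to the digest before base64 encoding. The function names and the 8-byte salt length are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # a SHA-1 digest is always 20 raw bytes


def encode_sha(password: str) -> str:
    """Build a {SHA} userPassword value: base64 of the RAW digest bytes."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def hex_then_base64(password: str) -> str:
    """Reproduce the post's calculation: base64 of the 40-char HEX text."""
    hex_text = hashlib.sha1(password.encode("utf-8")).hexdigest()
    return base64.b64encode(hex_text.encode("ascii")).decode("ascii")


def encode_ssha(password: str, salt: bytes = None) -> str:
    """Build an {SSHA} value: base64( SHA1(password + salt) + salt )."""
    if salt is None:
        salt = os.urandom(8)  # salt length is an assumption for this example
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_value(stored: str):
    """Split a stored value into (scheme, digest_bytes, salt_bytes)."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("value has no {SCHEME} prefix")
    scheme, _, b64 = stored[1:].partition("}")
    scheme = scheme.upper()
    if scheme not in ("SHA", "SSHA"):
        raise ValueError("unsupported scheme: " + scheme)
    raw = base64.b64decode(b64, validate=True)
    # {SHA} must decode to exactly 20 bytes; {SSHA} to 20 bytes plus salt.
    if len(raw) < SHA1_LEN or (scheme == "SHA" and len(raw) != SHA1_LEN):
        raise ValueError("decoded value is not a SHA-1 digest")
    return scheme, raw[:SHA1_LEN], raw[SHA1_LEN:]


def verify(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, digest, salt = split_value(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    exported = "{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g="  # value from the post
    scheme, digest, salt = split_value(exported)
    print("scheme:", scheme)
    print("decoded digest as hex:", digest.hex())
    print("rebuilt from plaintext:", encode_sha("password"))
    print("hex-then-base64 (mismatch):", hex_then_base64("password"))

    salted = encode_ssha("password")  # random salt, differs on every run
    s_scheme, s_digest, s_salt = split_value(salted)
    print("SSHA value:", salted)
    print("salt recovered from value:", s_salt.hex())
    print("verifies:", verify("password", salted))
```

Because `{SHA}` carries no salt, every account with the same password stores the same value; with `{SSHA}` the salt travels inside the stored value itself, after the first 20 decoded bytes.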
Re: [Freeipa-devel] [Fwd: [Fedora-directory-users] Integrating RADIUS schema in Fedora-ds]
by John Dennis
> Not sure if this is the best place to ask this but have been looking for
> some decent documentation on integrating RADIUS schema into Fedora-ds so
> I can authenticate against my directory. Tons of docs on doing the same
> with OpenLDAP, but slim to none with Fedora-ds (btw-- I do know about
> freeipa, but I'm not using it).
>
> I see my RADIUS schema object classes as radiusprofile and radiusobject
> profile; however, I can not seem to figure out how to get these
> integrated into my directory properly to use it with RADIUS. If I look
> at my 'additional indexes' I only can add radiusprofile indexes such as
> radiusframedmtu. Would seem I am going to need to get
> radiusobjectprofile and its related indexes (uid, userPassword) in
> there if this is to work for authentication.
>
> Can anyone point me in the right direction with getting RADIUS schema
> properly integrated into my directory so I can point RADIUS at it and
> use it for user authentication??? I'm also a bit curious on the DESC
> field being blank for all the OIDs and whether they should go or
> populated with info similar to the OID name.
>
> Appreciate any and all answers. Thank you...
I can send you the radius profile directory server schema we're using in
IPA. But the larger question is why do you think you need the schema in
the first place. You state all you want to do is authenticate against
DS, which means all you are doing is a bind, and most likely only a
simple bind with a plain text password. To accomplish that you'll need
to enable ldap in the authenticate section of /etc/raddb/radiusd.conf. I
believe you'll need to move ldap to be above any other plain text
password authentication mechanisms in the authenticate section so the
ldap module gets first crack, or disable the other mechanisms. In the
modules section you'll also need to set your basic ldap parameters, e.g.
server, filter, etc. The filter will need to be able to locate a user
by performing a search. The user's dn is derived from the successful
search result and that dn is then used to perform the bind with the
password found in the request auth packet. None of this requires schema.
If however you want to manage profiles with radius attribute/value pairs
then you'll need the schema, but that doesn't sound like what you're
asking for.
In any event, let me know if you want the schema, I'll send it to you.
--
John Dennis <jdennis(a)redhat.com>
16 years, 5 months
[Fedora-directory-users] Integrating RADIUS schema in Fedora-ds
by Jeff Fishbaugh
Hello:
Not sure if this is the best place to ask this but have been looking for some decent documentation on integrating RADIUS schema into Fedora-ds so I can authenticate against my directory. Tons of docs on doing the same with OpenLDAP, but slim to none with Fedora-ds (btw-- I do know about freeipa, but I'm not using it).
I see my RADIUS schema object classes as radiusprofile and radiusobject profile; however, I can not seem to figure out how to get these integrated into my directory properly to use it with RADIUS. If I look at my 'additional indexes' I only can add radiusprofile indexes such as radiusframedmtu. Would seem I am going to need to get radiusobjectprofile and its related indexes (uid, userPassword) in there if this is to work for authentication.
Can anyone point me in the right direction with getting RADIUS schema properly integrated into my directory so I can point RADIUS at it and use it for user authentication??? I'm also a bit curious on the DESC field being blank for all the OIDs and whether they should go or populated with info similar to the OID name.
Appreciate any and all answers. Thank you...
Below is my LDIF I used after converting OpenLDAP's V3 schema for RADIUS into LDIF.
RADIUS Schema LDIF created with ol-schema-migrate.pl
#
################################################################################
#
dn: cn=schema
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.1
NAME 'radiusArapFeatures'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.2
NAME 'radiusArapSecurity'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.3
NAME 'radiusArapZoneAccess'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.44
NAME 'radiusAuthType'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.4
NAME 'radiusCallbackId'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.5
NAME 'radiusCallbackNumber'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.6
NAME 'radiusCalledStationId'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.7
NAME 'radiusCallingStationId'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.8
NAME 'radiusClass'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.45
NAME 'radiusClientIPAddress'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.9
NAME 'radiusFilterId'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.10
NAME 'radiusFramedAppleTalkLink'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.11
NAME 'radiusFramedAppleTalkNetwork'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.12
NAME 'radiusFramedAppleTalkZone'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.13
NAME 'radiusFramedCompression'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.14
NAME 'radiusFramedIPAddress'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.15
NAME 'radiusFramedIPNetmask'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.16
NAME 'radiusFramedIPXNetwork'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.17
NAME 'radiusFramedMTU'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.18
NAME 'radiusFramedProtocol'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.19
NAME 'radiusFramedRoute'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.20
NAME 'radiusFramedRouting'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.46
NAME 'radiusGroupName'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.47
NAME 'radiusHint'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.48
NAME 'radiusHuntgroupName'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.21
NAME 'radiusIdleTimeout'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.22
NAME 'radiusLoginIPHost'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.23
NAME 'radiusLoginLATGroup'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.24
NAME 'radiusLoginLATNode'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.25
NAME 'radiusLoginLATPort'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.26
NAME 'radiusLoginLATService'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.27
NAME 'radiusLoginService'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.28
NAME 'radiusLoginTCPPort'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.29
NAME 'radiusPasswordRetry'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.30
NAME 'radiusPortLimit'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.49
NAME 'radiusProfileDn'
DESC ''
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.31
NAME 'radiusPrompt'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.50
NAME 'radiusProxyToRealm'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.51
NAME 'radiusReplicateToRealm'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.52
NAME 'radiusRealm'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.32
NAME 'radiusServiceType'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.33
NAME 'radiusSessionTimeout'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.34
NAME 'radiusTerminationAction'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.35
NAME 'radiusTunnelAssignmentId'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.36
NAME 'radiusTunnelMediumType'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.37
NAME 'radiusTunnelPassword'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.38
NAME 'radiusTunnelPreference'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.39
NAME 'radiusTunnelPrivateGroupId'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.40
NAME 'radiusTunnelServerEndpoint'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.41
NAME 'radiusTunnelType'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.42
NAME 'radiusVSA'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.43
NAME 'radiusTunnelClientEndpoint'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.53
NAME 'radiusSimultaneousUse'
DESC ''
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.54
NAME 'radiusLoginTime'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.55
NAME 'radiusUserCategory'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.56
NAME 'radiusStripUserName'
DESC ''
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.57
NAME 'dialupAccess'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.58
NAME 'radiusExpiration'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.59
NAME 'radiusCheckItem'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.60
NAME 'radiusReplyItem'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.61
NAME 'radiusNASIpAddress'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
)
#
################################################################################
#
attributeTypes: (
1.3.6.1.4.1.3317.4.3.1.62
NAME 'radiusReplyMessage'
DESC ''
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
################################################################################
#
objectClasses: (
1.3.6.1.4.1.3317.4.3.2.1
NAME 'radiusprofile'
DESC ''
SUP top
AUXILIARY
MUST cn
MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $ radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $ radiusCalledStationId $ radiusCallingStationId $ radiusClass $ radiusClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $ radiusFramedAppleTalkNetwork $ radiusFramedAppleTalkZone $ radiusFramedCompression $ radiusFramedIPAddress $ radiusFramedIPNetmask $ radiusFramedIPXNetwork $ radiusFramedMTU $ radiusFramedProtocol $ radiusCheckItem $ radiusReplyItem $ radiusFramedRoute $ radiusFramedRouting $ radiusIdleTimeout $ radiusGroupName $ radiusHint $ radiusHuntgroupName $ radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $ radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $ radiusLoginTCPPort $ radiusLoginTime $ radiusPasswordRetry $ radiusPortLimit $ radiusPrompt $ radiusProxyToRealm $ radiusRealm $ radiusReplicateToRealm $ radiusServiceType $ radiusSessionTimeout $ radiusStripUserName $ radiusTerminationAction $ radiusTunnelClientEndpoint $ radiusProfileDn $ radiusSimultaneousUse $ radiusTunnelAssignmentId $ radiusTunnelMediumType $ radiusTunnelPassword $ radiusTunnelPreference $ radiusTunnelPrivateGroupId $ radiusTunnelServerEndpoint $ radiusTunnelType $ radiusUserCategory $ radiusVSA $ radiusExpiration $ dialupAccess $ radiusNASIpAddress $ radiusReplyMessage )
)
#
################################################################################
#
objectClasses: (
1.3.6.1.4.1.3317.4.3.2.2
NAME 'radiusObjectProfile'
DESC 'A Container Objectclass to be used for creating radius profile object'
SUP top
STRUCTURAL
MUST cn
MAY ( uid $ userPassword $ description )
)
#
################################################################################
#
16 years, 5 months
Re: [Fedora-directory-users] multi-master limit
by Jason Beavers
Good to hear. The actual directory will likely be small in size (number of objects).
So it sounds like as long as we manage the number of agreements (2-3) per node then we may be okay.
Another quick question, I assume there is a programmatic call that can be made to trigger replication push for a supplier. True?
thanks,
Jason
----- Original Message ----
From: Rich Megginson <rmeggins(a)redhat.com>
To: General discussion list for the Fedora Directory server project. <fedora-directory-users(a)redhat.com>
Sent: Tuesday, December 4, 2007 9:12:19 AM
Subject: Re: [Fedora-directory-users] multi-master limit
Jason Beavers wrote:
> Hi all,
>
> New to FedoraDS. I'm doing some research for an upcoming application
> that will require LDAP.
> This App will consist of multiple servers (10 or more) in different
> geographical locations.
> Each server will authenticate against itself and serve its own local
> data.
> The full LDAP directory needs to be replicated across all servers so
> that users can login to any server.
>
> I've read that there is a limit of 4 writable servers in multi-master
> replication. Is this a hard limit or a soft (recommendation) limit?
That means 4 is the highest number of masters we've tested
exhaustively. The protocol supports up to 2^32-2 masters, but you will
usually hit a practical limit in the number of replication agreements.
Each repl. agreement runs a separate thread, so you will usually be
constrained by resources - available RAM, processors, etc.
> The application will need to write changes directly to itself on all
> servers
The application will write the changes directly to each of the 10
masters?
> so that they are immediately available locally, then replicated to
> other servers.
>
> Is this possible with FedoraDS?
Yes, it is possible.
>
> Thanks in advance!
>
> Beavrz1
16 years, 5 months